permalink

1

More news on Google Chrome and the HTTP Referrer

Late last night (CET), I was informed by SEOMoz that they published my recent guest post about Google Chrome not sending referrer data from Google Plus. As it turned out, the lost referral data was caused by a change to Google Chrome to enforce the use of SSL encryption on Google+.

Today I read a notice on the Google Chrome releases blog about a new development release of Chrome 17. One of the changes caught my eye:

Support for <meta name=”referrer”>

A “referrer” meta tag? And look! It’s spelled correctly! This is amazing, but what does it do?

I found this information on the WHATWG wiki page about the proposed tag:

Using the referrer metadata attribute, a document can control the behavior if the Referer HTTP header attached to requests that originate from the document.

Which I would understand as a way for the page author to define if referrer information should be sent to the target web site. Possible values for this meta tag are:

  • never
  • always
  • origin
  • default

While ‘never’ and ‘always’ are pretty clear, I’d like to explain the other two. ‘default’ is meant to work the same as today which means the browser does transmit the complete URL of the document which is the origin of the request (i.e. the URL of the web page on which the user clicked a link) unless the origin is using Transport Layer Security, more commonly known as ‘SSL encryption’ and the target is not. Here are the rules for ‘default’:

  • http -> http : Referrer is transferred
  • http -> https : Referrer is transferred
  • https -> http : Referrer is set to blank
  • https -> https : Referrer is transferred

If the value of the ‘referrer’ meta tag is set to origin, the user agent will send an ASCII serialization of the origin, basically a combination of the protocol, the hostname and the port, e.g. http://www.webkruscht.com, as defined in the Web Origin Concept

Setting this ‘referrer’ meta tag to ‘origin’ basically results in only revealing the site a user comes from to the target site, without ‘leaking’ any more information. Google already does a similar thing if you use their encrypted search or click on links from Google Plus. The introduction of this tag puts the decision to transfer the referrer data in the hands of the web master. Which is a good idea I think as the owner of a site should be able to decide if any harm could be done to his users if the referrer is transmitted completely.

Looks like we can expect this meta tag to be processed as defined in the next version of Google Chrome.

1 Comment

  1. Pingback: iOS6 and the missing referrer data » Web[kʀuːʃt] | Webkruscht

Leave a Reply

Required fields are marked *.